<?
/***************************************************************************
 *   Originally by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) - 2004
 *   Last Updated: testauction-php - 2009
 *   site : http://code.google.com/p/testauction-php
 ***************************************************************************/

/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as 
 *   published by the Free Software Foundation; either version 2 of the
 *   License, or (at your option) any later version. Although none of the
 *   code may be sold. If you have been sold this script, get a refund.
 ***************************************************************************/
include("database.php");
include("mailer.php");
include("form.php");

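class Session
{
   public $username;     //Username given on sign-up
   public $userid;       //Random value generated on current login
   public $userlevel;    //The level to which the user pertains
   public $time;         //Time user was last active (page loaded)
   public $logged_in;    //True if user is logged in, false otherwise
   public $userinfo = array();  //The array holding all user info
   public $url;          //The page url current being viewed
   public $referrer;     //Last recorded site page viewed
   /**
    * Note: referrer should really only be considered the actual
    * page referrer in process.php, any other time it may be
    * inaccurate.
    */

   /**
    * Class constructor - records the request time and starts the
    * session (see startSession). Declared as __construct because a
    * method named after the class is no longer a constructor in PHP 8.
    */
   function __construct(){
      $this->time = time();
      $this->startSession();
   }

   /* PHP 4 style constructor name, kept for code that calls it explicitly */
   function Session(){
      $this->__construct();
   }

   /**
    * startSession - Performs all the actions necessary to
    * initialize this session object. Tries to determine if the
    * user has logged in already, and sets the variables
    * accordingly. Also takes advantage of this page load to
    * update the active visitors tables.
    *
    * Reads $_SESSION['url'], $_SERVER['REMOTE_ADDR'] and
    * $_SERVER['REQUEST_URI']; writes $_SESSION['url'] and, for a
    * guest, $_SESSION['username'].
    */
   function startSession(){
      global $database;  //The database connection
      session_start();   //Tell PHP to start the session

      /* Determine if user is logged in */
      $this->logged_in = $this->checkLogin();

      if(!$this->logged_in){
         /* Not logged in: treat as guest and record in the active guests table */
         $this->username = $_SESSION['username'] = GUEST_NAME;
         $this->userlevel = GUEST_LEVEL;
         $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
      }
      else{
         /* Logged in: refresh the user's last active timestamp */
         $database->addActiveUser($this->username, $this->time);
      }

      /* Remove inactive visitors from database */
      $database->removeInactiveUsers();
      $database->removeInactiveGuests();

      /* Referrer is the url stored by the previous page load, "/" on a first visit */
      $this->referrer = isset($_SESSION['url']) ? $_SESSION['url'] : "/";

      /* Set current url; it becomes the referrer of the next request */
      $this->url = $_SESSION['url'] = $_SERVER['REQUEST_URI'];
   }

   /**
    * checkLogin - Checks if the user has already previously
    * logged in, and a session with the user has already been
    * established. Also checks to see if user has been remembered
    * (cookname/cookid cookies). In both cases the username/userid
    * pair is confirmed against the database before the user is
    * trusted. Returns true if the user has logged in.
    */
   function checkLogin(){
      global $database;  //The database connection

      /* Check if user has been remembered: the cookie pair is copied into
       * the session and then validated below exactly like a session pair */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
         $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
      }

      /* Nothing to verify unless both values are set and not the guest account */
      if(!isset($_SESSION['username']) || !isset($_SESSION['userid']) ||
         $_SESSION['username'] == GUEST_NAME){
         return false;
      }

      /* Reject when the username/userid pair is not on record (confirmUserID
       * returns 0 on success) OR the account is banned. These were previously
       * joined with &&, which accepted any cookie-supplied username whose
       * userid did not match as long as the account was not banned. */
      if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0
         || $database->usernameBanned($_SESSION['username'])){
         unset($_SESSION['username']);
         unset($_SESSION['userid']);
         return false;
      }

      /* User is logged in, set class variables */
      $this->userinfo  = $database->getUserInfo($_SESSION['username']);
      $this->username  = $this->userinfo['username'];
      $this->userid    = $this->userinfo['userid'];
      $this->userlevel = $this->userinfo['userlevel'];
      return true;
   }

   /**
    * login - The user has submitted his username and password
    * through the login form, this function checks the authenticity
    * of that information in the database and creates the session.
    * Effectively logging in the user if all goes well.
    *
    * @param string $subuser     submitted username
    * @param string $subpass     submitted password (plain text)
    * @param mixed  $subremember truthy to set the remember-me cookies
    * @return bool true on success; false when validation fails, the
    *              account is banned, unconfirmed or already active
    */
   function login($subuser, $subpass, $subremember){
      global $database, $form;  //The database and form object

      /* Username error checking */
      $field = "lbox_user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Introduceti numele de utilizator");
      }
      /* Check if username is not alphanumeric (preg_match replaces the
       * eregi() call, which no longer exists in PHP 7+) */
      else if(!preg_match('/^[0-9a-z]*$/iD', $subuser)){
         $form->setError($field, "* Numele de utilizator contine caractere nepermise");
      }

      /* Password error checking */
      $field = "lbox_pass";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Introduceti parola");
      }
      else{
         sql_check(array($subpass));
      }

      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }

      /* Banned check on the submitted name: $_SESSION['username'] is still
       * the guest name at this point, so checking it (as before) tested nothing */
      $subuser = stripslashes($subuser);
      if($database->usernameBanned($subuser)){
         return false;
      }

      /* Checks that username is in database and password is correct.
       * NOTE(review): confirmUserPass compares an unsalted md5 of the
       * password; moving to password_hash()/password_verify() requires a
       * change to the database helper and stored hashes. */
      $result = $database->confirmUserPass($subuser, md5($subpass));

      /* Check error codes - every failure code reports the same message */
      if($result == 1 || $result == 2 || $result == 3){
         $form->setError("lbox_pass", "* Datele sunt eronate");
      }

      /* Return if form errors exist or if the user is already active or unconfirmed */
      if($form->num_errors > 0 || $database->isUserActive($subuser) || ($database->isUserConfirmed($subuser) != 1)){
         return false;
      }

      /* Credentials accepted: issue a fresh session id so an id fixed
       * before authentication does not carry over into the logged-in session */
      session_regenerate_id(true);

      /* Username and password correct, register session variables */
      $this->userinfo  = $database->getUserInfo($subuser);
      $this->username  = $_SESSION['username'] = $this->userinfo['username'];
      $this->userid    = $_SESSION['userid']   = generateRandID();
      $this->userlevel = $this->userinfo['userlevel'];

      /* Insert userid into database and update active users table */
      $database->updateUserField($this->username, "userid", $this->userid);
      $database->addActiveUser($this->username, $this->time);
      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

      /**
       * The user has requested that we remember that he's logged in, so
       * we set two cookies: one holding his username and one holding his
       * random userid. They expire after COOKIE_EXPIRE seconds (see
       * constants.php). On the next visit checkLogin() validates the pair
       * against the database and logs him in automatically, unless he
       * logged out before leaving.
       */
      if($subremember){
         $this->setRememberCookie("cookname", $this->username, time()+COOKIE_EXPIRE);
         $this->setRememberCookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE);
      }

      /* Login completed successfully */
      return true;
   }

   /**
    * setRememberCookie - Sets (or, with an expiry in the past, deletes)
    * one of the remember-me cookies. The cookie is sent HttpOnly so the
    * userid token is not readable by page scripts, and Secure when the
    * current request arrived over HTTPS.
    *
    * @param string $name   cookie name ("cookname" or "cookid")
    * @param string $value  cookie value, "" when deleting
    * @param int    $expire unix timestamp at which the cookie expires
    */
   private function setRememberCookie($name, $value, $expire){
      $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
      setcookie($name, $value, $expire, COOKIE_PATH, '', $secure, true);
   }

   /**
    * logout - Gets called when the user wants to be logged out of the
    * website. It deletes any cookies that were stored on the users
    * computer as a result of him wanting to be remembered, invalidates
    * the stored userid so a copied cookie pair stops working, and also
    * unsets session variables and demotes his user level to guest.
    */
   function logout(){
      global $database;  //The database connection

      /* Delete cookies - the time must be in the past, so just negate
       * what was added when creating the cookie. */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         $this->setRememberCookie("cookname", "", time()-COOKIE_EXPIRE);
         $this->setRememberCookie("cookid",   "", time()-COOKIE_EXPIRE);
      }

      /* Replace the stored userid: the remember-me pair is validated by
       * confirmUserID against this value, so the old pair no longer matches */
      if($this->logged_in){
         $database->updateUserField($this->username, "userid", generateRandID());
      }

      /* Unset PHP session variables */
      unset($_SESSION['username']);
      unset($_SESSION['userid']);

      /* Reflect fact that user has logged out */
      $this->logged_in = false;

      /* Remove from active users table and add to active guests table */
      $database->removeActiveUser($this->username);
      $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

      /* Set user level to guest */
      $this->username  = GUEST_NAME;
      $this->userlevel = GUEST_LEVEL;
   }

   /**
    * register - Gets called when the user has just submitted the
    * registration form. Determines if there were any errors with
    * the entry fields, if so, it records the errors and returns
    * 1. If no errors were found, it registers the new user and
    * returns 0. Returns 2 if registration failed.
    *
    * @param string $subuser    desired username (5-30 alphanumeric chars)
    * @param string $subpass    password (4+ chars)
    * @param string $subrepass  password repeated
    * @param string $subemail   e-mail address
    * @param string $subsurname surname (letters only)
    * @param string $subname    given name (letters only)
    * @return int 0 on success, 1 on form errors, 2 when the insert failed
    */
   function register($subuser, $subpass, $subrepass, $subemail, $subsurname, $subname){
      global $database, $form, $mailer;  //The database, form and mailer object

      /* Username error checking */
      $field = "user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Introduceti numele de utilizator dorit");
      }
      else{
         /* Spruce up username, check length */
         $subuser = stripslashes($subuser);
         if(strlen($subuser) < 5){
            $form->setError($field, "* Numele de utilizator are sub 5 de caractere");
         }
         else if(strlen($subuser) > 30){
            $form->setError($field, "* Numele de utilizator are peste 30 de caractere");
         }
         /* Check if username is not alphanumeric */
         else if(!preg_match('/^[0-9a-z]+$/iD', $subuser)){
            $form->setError($field, "* Numele de utilizator contine caractere interzise (ex.: !*<>$^&[]{})");
         }
         /* Check if username is reserved */
         else if(strcasecmp($subuser, GUEST_NAME) == 0){
            $form->setError($field, "* Numele de utilizator este deja folosit");
         }
         /* Check if username is already in use */
         else if($database->usernameTaken($subuser)){
            $form->setError($field, "* Numele de utilizator este deja folosit");
         }
         /* Check if username is banned */
         else if($database->usernameBanned($subuser)){
            $form->setError($field, "* Acest nume de utilizator a fost restrictionat");
         }
      }

      /* Password error checking */
      $field = "pass";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Introduceti parola");
      }
      else{
         /* Length is checked without trimming on purpose: a password made
          * of spaces would otherwise be reported as "too short" */
         $subpass = stripslashes($subpass);
         if(strlen($subpass) < 4){
            $form->setError($field, "* Parola prea scurta");
         }
         sql_check(array($subpass));
      }

      /* Retype password error checking. Strict comparison: with != PHP
       * compares numeric-looking strings as numbers ("1e3" == "1000"). */
      $field = "repass";
      if(!$subrepass){
         $form->setError($field, "* Repetati corect parola");
      }
      else{
         $subrepass = stripslashes($subrepass);
         if($subrepass !== $subpass){
            $form->setError($field, "* Repetati corect parola");
         }
      }

      /* Email error checking */
      $field = "email";  //Use field name for email
      if(!$subemail || strlen($subemail = trim($subemail)) == 0){
         $form->setError($field, "* Introduceti adresa de e-mail");
      }
      else{
         /* Check if valid email address (same pattern as the former eregi call) */
         $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                 .'@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                 .'\.([a-z]{2,}){1}$/iD';
         if(!preg_match($regex, $subemail)){
            $form->setError($field, "* Adresa de e-mail invalida");
         }
         $subemail = stripslashes($subemail);
      }

      /* Surname error checking */
      $field = "surname";
      if(!$subsurname || strlen($subsurname = trim($subsurname)) == 0){
         $form->setError($field, "* Introduceti numele");
      }
      else{
         $subsurname = stripslashes(clean_variable($subsurname));
         if(!preg_match('/^[a-z]+$/iD', $subsurname)){
            $form->setError($field, "* Numele contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      /* Given name error checking */
      $field = "gname";
      if(!$subname || strlen($subname = trim($subname)) == 0){
         $form->setError($field, "* Introduceti prenumele");
      }
      else{
         $subname = stripslashes(clean_variable($subname));
         if(!preg_match('/^[a-z]+$/iD', $subname)){
            $form->setError($field, "* Prenumele contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return 1;  //Errors with form
      }

      /* No errors, add the new account to the database.
       * NOTE(review): the stored hash is an unsalted md5 (addNewUser contract),
       * and sendWelcome receives the plain-text password. */
      if(!$database->addNewUser($subuser, md5($subpass), $subemail, $subsurname, $subname, 1)){
         return 2;  //Registration attempt failed
      }
      if(EMAIL_WELCOME){
         $mailer->sendWelcome($subuser, $subemail, $subpass);
      }
      return 0;  //New user added succesfully
   }

   /**
    * editAccount - Attempts to edit the user's account information.
    * Every field is validated first; on any error the form errors are
    * recorded and false is returned without touching the database.
    * Requires a logged-in user (writes go to $this->userinfo['userkey']).
    *
    * @return bool true when all fields were updated, false otherwise
    */
   function editAccount($subsurname, $subname, $subtelno, $subcity,
      $substate, $subpostcode, $subaddress, $subnewsletter){
      global $database, $form;  //The database and form object

      $field = "surname";
      if(!$subsurname || strlen($subsurname = trim($subsurname)) == 0){
         $form->setError($field, "* Introduceti numele");
      }
      else{
         $subsurname = stripslashes(clean_variable($subsurname));
         if(!preg_match('/^[a-z]+$/iD', $subsurname)){
            $form->setError($field, "* Numele contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      $field = "gname";
      if(!$subname || strlen($subname = trim($subname)) == 0){
         $form->setError($field, "* Introduceti prenumele");
      }
      else{
         /* Unlike register(), a hyphen is accepted here */
         $subname = stripslashes($subname);
         if(!preg_match('/^[a-z\-]+$/iD', $subname)){
            $form->setError($field, "* Prenumele contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      $field = "telno";
      if(!$subtelno || strlen($subtelno = trim($subtelno)) == 0){
         $form->setError($field, "*");
      }
      else{
         /* Validate on the raw input, then strip formatting characters for storage */
         $isvalidmobile = preg_match('/^\(?(07\d)\d\)?[-\s]?\d{3}[-\s]?\d{3}$/', $subtelno);
         $isvalidland = preg_match('/^\(?(0\d\d\d)[-\s]?\d{3}[-\s]?\d{3}$/', $subtelno);
         $telchr = array("(", ")", "-", "+");
         $subtelno = str_replace($telchr, '', $subtelno);
         if(!$isvalidmobile && !$isvalidland){
            $form->setError($field, "* Introduceti un numar de telefon corect.");
         }
      }

      $field = "city";
      if(!$subcity || strlen($subcity = trim($subcity)) == 0){
         $form->setError($field, "* Introduceti orasul");
      }
      else{
         $subcity = stripslashes($subcity);
         if(!preg_match('/^[a-z]+$/iD', $subcity)){
            $form->setError($field, "* Orasul contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      $field = "state";
      if(!$substate || strlen($substate = trim($substate)) == 0){
         $form->setError($field, "* Introduceti judetul");
      }
      else{
         $substate = stripslashes(clean_variable($substate));
         if(!preg_match('/^[a-z]+$/iD', $substate)){
            $form->setError($field, "* Judetul contine caractere interzise (ex.: !*<>$^&[]{})");
         }
      }

      $field = "postcode";
      if(!$subpostcode || strlen($subpostcode = trim($subpostcode)) == 0){
         $form->setError($field, "* Introduceti codul postal");
      }
      else{
         $subpostcode = stripslashes($subpostcode);
         if(!preg_match('/^[0-9]+$/iD', $subpostcode)){
            $form->setError($field, "* Codul postal este incorect");
         }
      }

      $field = "address";
      if(!$subaddress || strlen($subaddress = trim($subaddress)) == 0){
         $form->setError($field, "* Introduceti adresa");
      }
      else{
         $subaddress = stripslashes($subaddress);
         sql_check(array($subaddress));
         if(!preg_match('/^[0-9a-z,. ]+$/iD', $subaddress)){
            $form->setError($field, "* Adresa este incorecta");
         }
      }

      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return false;  //Errors with form
      }

      /* A guest has no userkey to write to */
      if(!$this->logged_in){
         return false;
      }

      /* Update fields since there were no errors */
      $userkey = $this->userinfo['userkey'];
      $database->updateUserDataField($userkey, 'surname', $subsurname);
      $database->updateUserDataField($userkey, 'name', $subname);
      $database->updateUserDataField($userkey, 'telno', $subtelno);
      $database->updateUserDataField($userkey, 'city', $subcity);
      $database->updateUserDataField($userkey, 'state', $substate);
      $database->updateUserDataField($userkey, 'postcode', $subpostcode);
      $database->updateUserDataField($userkey, 'address', $subaddress);

      $database->updateUserField($this->username, 'newsletter', $subnewsletter);
      $database->updateUserField($this->username, 'data_filled', 1);

      /* Success! */
      return true;
   }

   /**
    * changePassword - Validates the current password against the
    * database and, when a new password and its repeat are acceptable,
    * stores the new one. Calling it with no new password and no current
    * password is a no-op that returns true.
    *
    * @param string $subcurpass current password
    * @param string $subnewpass new password (4+ chars)
    * @param string $subrepass  new password repeated
    * @return bool false when form errors were recorded, true otherwise
    */
   function changePassword($subcurpass, $subnewpass, $subrepass){
      global $database, $form;
      if($subnewpass){
         /* Current Password error checking */
         $field = "curpass";  //Use field name for current password
         if(!$subcurpass){
            $form->setError($field, "* Introduceti parola curenta");
         }
         else{
            /* Check if password too short */
            $subcurpass = stripslashes($subcurpass);
            if(strlen($subcurpass) < 4){
               $form->setError($field, "* Parola curenta incorecta");
            }
            /* Password entered is incorrect (confirmUserPass returns 0 on success).
             * NOTE(review): unsalted md5, see login(). */
            if($database->confirmUserPass($this->username, md5($subcurpass)) != 0){
               $form->setError($field, "* Parola curenta incorecta");
            }
         }

         /* New Password error checking */
         $field = "newpass";  //Use field name for new password
         $subnewpass = stripslashes($subnewpass);
         if(strlen($subnewpass) < 4){
            $form->setError($field, "* Noua parola e prea scurta");
         }
         sql_check(array($subnewpass));

         /* Retype password error checking (strict compare, see register()) */
         $field = "repass";
         if(!$subrepass){
            $form->setError($field, "* Repetati noua parola");
         }
         else{
            $subrepass = stripslashes($subrepass);
            if($subrepass !== $subnewpass){
               $form->setError($field, "* Repetati noua parola");
            }
         }
      }
      /* Change password attempted without a new password */
      else if($subcurpass){
         $field = "newpass";  //Use field name for new password
         $form->setError($field, "* Nu ati introdus o noua parola");
      }

      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return false;  //Errors with form
      }

      /* Update password since there were no errors */
      if($subcurpass && $subnewpass){
         execute_update('UPDATE '.TBL_PASSWORDS.' SET password = ? WHERE userkey = ?',
            array(md5($subnewpass), $this->userinfo['userkey']));
      }

      /* Success! */
      return true;
   }

   /**
    * isAdmin - Returns true if currently logged in user is
    * an administrator, false otherwise. Loose comparison is kept
    * because userlevel comes from the database row and may be a string.
    */
   function isAdmin(){
      return ($this->userlevel == ADMIN_LEVEL ||
              $this->username  == ADMIN_NAME);
   }
};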


/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session();

/* Initialize form object */
$form = new Form();

?>
